Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c9762274-c916-4e75-a8ee-f0e4966bd488.roa
File:                     c9762274-c916-4e75-a8ee-f0e4966bd488.roa (raw, json)
Hash identifier:          RuAuCM7Y1YZP/bD/ptA+gefR01Q/PtR0crbVAGZg7vU=
Subject key identifier:   65:3E:F7:03:4E:9D:06:75:29:17:25:62:39:34:F2:68:6A:B6:21:55
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       2EAFD788AC9C67185807AD12E2F25D03BFEE08F3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c9762274-c916-4e75-a8ee-f0e4966bd488.roa
Signing time:             Sat 18 Oct 2025 04:30:25 +0000
ROA not before:           Sat 18 Oct 2025 04:30:25 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07b:9000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:af:d7:88:ac:9c:67:18:58:07:ad:12:e2:f2:5d:03:bf:ee:08:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Oct 18 04:30:25 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=64ece31cb35b45debb89d6e70f671e516da7c76de26dfca01f6c9abdb2b221a9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b1:8e:8e:92:3e:91:6a:a5:16:af:b2:96:d5:
                    e1:f8:dc:6a:52:7a:5f:7d:aa:69:65:04:6a:44:a4:
                    f6:e5:3c:a3:40:e4:84:ee:f8:ce:02:59:88:00:50:
                    1b:da:90:49:02:35:f4:74:51:87:a6:12:83:6b:fe:
                    6a:24:0d:88:6b:41:46:93:c7:4c:46:8e:ee:cb:f8:
                    a6:ce:d1:10:93:86:f8:e8:04:5e:eb:c8:16:ca:43:
                    f7:f5:3f:ca:9e:79:73:80:a8:5b:49:ce:f6:50:59:
                    c2:2f:a2:f6:99:43:61:78:c6:9a:98:ad:f2:d4:eb:
                    29:9c:18:fb:ba:04:16:07:65:6d:7b:cf:7e:70:29:
                    27:71:97:84:81:c4:37:5a:87:0f:7d:3e:19:73:8c:
                    7e:61:42:64:25:84:02:0d:9d:de:10:58:64:db:f8:
                    ef:eb:a4:26:9a:d9:02:5a:0c:ef:9e:e5:e9:36:c6:
                    86:aa:38:29:74:62:43:ad:75:8c:88:dd:5d:b3:a1:
                    91:b1:fb:44:30:86:89:13:98:6b:19:d9:2d:3e:e2:
                    69:13:c0:33:45:be:5a:26:dc:36:1b:a7:21:ef:a7:
                    49:b6:ca:dc:0f:bc:72:c7:3b:08:73:47:8c:67:0b:
                    f6:69:6c:37:2a:30:da:45:2b:39:0f:09:2b:28:0d:
                    f7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:3E:F7:03:4E:9D:06:75:29:17:25:62:39:34:F2:68:6A:B6:21:55
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c9762274-c916-4e75-a8ee-f0e4966bd488.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07b:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         50:48:d9:b9:c2:ed:c5:a4:35:56:ee:89:e8:c6:25:66:ee:67:
         a0:7d:9d:1d:d4:e5:b0:9a:bd:f8:fe:12:48:3a:88:4c:30:0b:
         78:96:75:2b:c1:ce:08:f9:2a:d2:d6:41:60:0c:8b:c7:e6:03:
         ed:a2:7a:15:54:6d:20:dc:14:b7:34:58:8a:d2:57:bd:eb:99:
         09:03:ff:1c:ea:27:1d:2b:6a:40:ae:ee:3e:ba:a3:16:3c:fd:
         0a:14:e1:22:59:bf:69:eb:dd:73:9a:ac:03:dd:3f:d5:77:9c:
         7c:24:bf:85:c3:56:de:20:dd:e2:49:28:2d:8f:6f:86:f4:21:
         3c:dd:e9:c8:80:13:ab:9c:14:5c:49:90:fc:b8:c9:81:53:ef:
         ba:80:da:ce:57:90:e9:30:a6:d4:f1:ac:aa:6e:bc:85:6e:62:
         d6:10:d6:6c:a6:64:e6:83:2d:5a:86:bd:7e:03:4d:62:db:02:
         b4:03:65:29:3f:7c:01:c2:93:c8:19:93:d6:59:7d:9b:f5:fb:
         f4:d6:bd:6a:6d:26:df:f5:3f:e0:db:40:9a:b2:89:72:7a:c1:
         42:19:3a:d8:b6:96:86:30:df:a2:e7:5c:81:4f:53:bb:cd:29:
         f9:07:38:e5:01:93:a1:a2:69:77:2e:31:36:ac:c1:29:e0:13:
         29:ed:10:12
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULq/XiKycZxhYB60S4vJdA7/uCPMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTgwNDMwMjVaFw0yNTExMjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDY0ZWNlMzFjYjM1YjQ1ZGViYjg5ZDZlNzBmNjcxZTUxNmRhN2M3NmRlMjZk
ZmNhMDFmNmM5YWJkYjJiMjIxYTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALCxjo6SPpFqpRavspbV4fjcalJ6X32qaWUEakSk9uU8o0DkhO74zgJZiABQ
G9qQSQI19HRRh6YSg2v+aiQNiGtBRpPHTEaO7sv4ps7REJOG+OgEXuvIFspD9/U/
yp55c4CoW0nO9lBZwi+i9plDYXjGmpit8tTrKZwY+7oEFgdlbXvPfnApJ3GXhIHE
N1qHD30+GXOMfmFCZCWEAg2d3hBYZNv47+ukJprZAloM757l6TbGhqo4KXRiQ611
jIjdXbOhkbH7RDCGiROYaxnZLT7iaRPAM0W+WibcNhunIe+nSbbK3A+8csc7CHNH
jGcL9mlsNyow2kUrOQ8JKygN980CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRlPvcD
Tp0GdSkXJWI5NPJoarYhVTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yzk3NjIyNzQtYzkxNi00ZTc1LWE4ZWUtZjBlNDk2NmJkNDg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HuQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBQSNm5wu3FpDVW7onoxiVm7megfZ0d1OWwmr34
/hJIOohMMAt4lnUrwc4I+SrS1kFgDIvH5gPtonoVVG0g3BS3NFiK0le965kJA/8c
6icdK2pAru4+uqMWPP0KFOEiWb9p691zmqwD3T/Vd5x8JL+Fw1beIN3iSSgtj2+G
9CE83enIgBOrnBRcSZD8uMmBU++6gNrOV5DpMKbU8ayqbryFbmLWENZspmTmgy1a
hr1+A01i2wK0A2UpP3wBwpPIGZPWWX2b9fv01r1qbSbf9T/g20CasolyesFCGTrY
tpaGMN+i51yBT1O7zSn5BzjlAZOhoml3LjE2rMEp4BMp7RAS
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:09 2025 by rpki-client